964f1d1d71a86e64a75815d86d7a04cfe74b21d98e6674324fb397fb0b49def7

Analysis

max time kernel
150s
max time network
102s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
03/05/2024, 00:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

964f1d1d71a86e64a75815d86d7a04cfe74b21d98e6674324fb397fb0b49def7.exe
Size

75KB
MD5

9958c05d28e92d6b808bbedf2879335a
SHA1

ec6a7837cbccc18a40a7a5bf724b46f96782fcf9
SHA256

964f1d1d71a86e64a75815d86d7a04cfe74b21d98e6674324fb397fb0b49def7
SHA512

781269252ecc59c0b96d04558f29b3a9dc8858f9f0b8ead725280114efa4e620472de6489ce9e53d402c735ae0ba829ea5d5c8264d07e7d30901dcec0d4486bb
SSDEEP

1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+eJG/x/n:6e7WpMaxeb0CYJ97lEYNR73e+eKZn

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5093) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_Grace-ul-oob.xrm-ms.tmp	964f1d1d71a86e64a75815d86d7a04cfe74b21d98e6674324fb397fb0b49def7.exe
File created	C:\Program Files\Microsoft Office\root\rsod\excelmui.msi.16.en-us.tree.dat.tmp	964f1d1d71a86e64a75815d86d7a04cfe74b21d98e6674324fb397fb0b49def7.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\InkObj.dll.tmp	964f1d1d71a86e64a75815d86d7a04cfe74b21d98e6674324fb397fb0b49def7.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ThirdPartyNotices.MSHWLatin.txt.tmp	964f1d1d71a86e64a75815d86d7a04cfe74b21d98e6674324fb397fb0b49def7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Principal.dll.tmp	964f1d1d71a86e64a75815d86d7a04cfe74b21d98e6674324fb397fb0b49def7.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-math-l1-1-0.dll.tmp	964f1d1d71a86e64a75815d86d7a04cfe74b21d98e6674324fb397fb0b49def7.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Calibri-Cambria.xml.tmp	964f1d1d71a86e64a75815d86d7a04cfe74b21d98e6674324fb397fb0b49def7.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessPipcR_OEM_Perp-ppd.xrm-ms.tmp	964f1d1d71a86e64a75815d86d7a04cfe74b21d98e6674324fb397fb0b49def7.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\tpcps.dll.tmp	964f1d1d71a86e64a75815d86d7a04cfe74b21d98e6674324fb397fb0b49def7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Windows.Forms.Primitives.dll.tmp	964f1d1d71a86e64a75815d86d7a04cfe74b21d98e6674324fb397fb0b49def7.exe
File created	C:\Program Files\Java\jre-1.8\bin\jli.dll.tmp	964f1d1d71a86e64a75815d86d7a04cfe74b21d98e6674324fb397fb0b49def7.exe
File created	C:\Program Files\Java\jre-1.8\lib\management-agent.jar.tmp	964f1d1d71a86e64a75815d86d7a04cfe74b21d98e6674324fb397fb0b49def7.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_OEM_Perp-pl.xrm-ms.tmp	964f1d1d71a86e64a75815d86d7a04cfe74b21d98e6674324fb397fb0b49def7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.Cryptography.Encoding.dll.tmp	964f1d1d71a86e64a75815d86d7a04cfe74b21d98e6674324fb397fb0b49def7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\System.Windows.Forms.Primitives.resources.dll.tmp	964f1d1d71a86e64a75815d86d7a04cfe74b21d98e6674324fb397fb0b49def7.exe
File created	C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui.tmp	964f1d1d71a86e64a75815d86d7a04cfe74b21d98e6674324fb397fb0b49def7.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Blue Warm.xml.tmp	964f1d1d71a86e64a75815d86d7a04cfe74b21d98e6674324fb397fb0b49def7.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusMSDNR_Retail-ul-phn.xrm-ms.tmp	964f1d1d71a86e64a75815d86d7a04cfe74b21d98e6674324fb397fb0b49def7.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_OEM_Perp-ppd.xrm-ms.tmp	964f1d1d71a86e64a75815d86d7a04cfe74b21d98e6674324fb397fb0b49def7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\clretwrc.dll.tmp	964f1d1d71a86e64a75815d86d7a04cfe74b21d98e6674324fb397fb0b49def7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\System.Xaml.resources.dll.tmp	964f1d1d71a86e64a75815d86d7a04cfe74b21d98e6674324fb397fb0b49def7.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_Trial-pl.xrm-ms.tmp	964f1d1d71a86e64a75815d86d7a04cfe74b21d98e6674324fb397fb0b49def7.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\Sybase.xsl.tmp	964f1d1d71a86e64a75815d86d7a04cfe74b21d98e6674324fb397fb0b49def7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-runtime-l1-1-0.dll.tmp	964f1d1d71a86e64a75815d86d7a04cfe74b21d98e6674324fb397fb0b49def7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Data.DataSetExtensions.dll.tmp	964f1d1d71a86e64a75815d86d7a04cfe74b21d98e6674324fb397fb0b49def7.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\fonts\LucidaBrightDemiBold.ttf.tmp	964f1d1d71a86e64a75815d86d7a04cfe74b21d98e6674324fb397fb0b49def7.exe
File created	C:\Program Files\Java\jre-1.8\lib\images\cursors\win32_MoveDrop32x32.gif.tmp	964f1d1d71a86e64a75815d86d7a04cfe74b21d98e6674324fb397fb0b49def7.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentVNextR_Retail-ul-phn.xrm-ms.tmp	964f1d1d71a86e64a75815d86d7a04cfe74b21d98e6674324fb397fb0b49def7.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProO365R_SubTrial-pl.xrm-ms.tmp	964f1d1d71a86e64a75815d86d7a04cfe74b21d98e6674324fb397fb0b49def7.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-xstate-l2-1-0.dll.tmp	964f1d1d71a86e64a75815d86d7a04cfe74b21d98e6674324fb397fb0b49def7.exe
File created	C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt.tmp	964f1d1d71a86e64a75815d86d7a04cfe74b21d98e6674324fb397fb0b49def7.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessVL_KMS_Client-ul.xrm-ms.tmp	964f1d1d71a86e64a75815d86d7a04cfe74b21d98e6674324fb397fb0b49def7.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.ReportingServices.Diagnostics.dll.tmp	964f1d1d71a86e64a75815d86d7a04cfe74b21d98e6674324fb397fb0b49def7.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogoSmall.scale-140.png.tmp	964f1d1d71a86e64a75815d86d7a04cfe74b21d98e6674324fb397fb0b49def7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Dynamic.Runtime.dll.tmp	964f1d1d71a86e64a75815d86d7a04cfe74b21d98e6674324fb397fb0b49def7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\PresentationFramework.resources.dll.tmp	964f1d1d71a86e64a75815d86d7a04cfe74b21d98e6674324fb397fb0b49def7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Windows.Extensions.dll.tmp	964f1d1d71a86e64a75815d86d7a04cfe74b21d98e6674324fb397fb0b49def7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationFramework.Classic.dll.tmp	964f1d1d71a86e64a75815d86d7a04cfe74b21d98e6674324fb397fb0b49def7.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessEntry2019R_PrepidBypass-ul-oob.xrm-ms.tmp	964f1d1d71a86e64a75815d86d7a04cfe74b21d98e6674324fb397fb0b49def7.exe
File created	C:\Program Files\Microsoft Office\root\rsod\osmux.x-none.msi.16.x-none.tree.dat.tmp	964f1d1d71a86e64a75815d86d7a04cfe74b21d98e6674324fb397fb0b49def7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Diagnostics.Tracing.dll.tmp	964f1d1d71a86e64a75815d86d7a04cfe74b21d98e6674324fb397fb0b49def7.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\fxplugins.dll.tmp	964f1d1d71a86e64a75815d86d7a04cfe74b21d98e6674324fb397fb0b49def7.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-core-file-l1-2-0.dll.tmp	964f1d1d71a86e64a75815d86d7a04cfe74b21d98e6674324fb397fb0b49def7.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogo.scale-180.png.tmp	964f1d1d71a86e64a75815d86d7a04cfe74b21d98e6674324fb397fb0b49def7.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL086.XML.tmp	964f1d1d71a86e64a75815d86d7a04cfe74b21d98e6674324fb397fb0b49def7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\dbgshim.dll.tmp	964f1d1d71a86e64a75815d86d7a04cfe74b21d98e6674324fb397fb0b49def7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Text.Encoding.CodePages.dll.tmp	964f1d1d71a86e64a75815d86d7a04cfe74b21d98e6674324fb397fb0b49def7.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019MSDNR_Retail-ul-oob.xrm-ms.tmp	964f1d1d71a86e64a75815d86d7a04cfe74b21d98e6674324fb397fb0b49def7.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\CERTINTL.DLL.tmp	964f1d1d71a86e64a75815d86d7a04cfe74b21d98e6674324fb397fb0b49def7.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.tr-tr.dll.tmp	964f1d1d71a86e64a75815d86d7a04cfe74b21d98e6674324fb397fb0b49def7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\System.Xaml.resources.dll.tmp	964f1d1d71a86e64a75815d86d7a04cfe74b21d98e6674324fb397fb0b49def7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\System.Xaml.resources.dll.tmp	964f1d1d71a86e64a75815d86d7a04cfe74b21d98e6674324fb397fb0b49def7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\System.Windows.Forms.Design.resources.dll.tmp	964f1d1d71a86e64a75815d86d7a04cfe74b21d98e6674324fb397fb0b49def7.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp4-pl.xrm-ms.tmp	964f1d1d71a86e64a75815d86d7a04cfe74b21d98e6674324fb397fb0b49def7.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019XC2RVL_KMS_ClientC2R-ppd.xrm-ms.tmp	964f1d1d71a86e64a75815d86d7a04cfe74b21d98e6674324fb397fb0b49def7.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	964f1d1d71a86e64a75815d86d7a04cfe74b21d98e6674324fb397fb0b49def7.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.hi-in.dll.tmp	964f1d1d71a86e64a75815d86d7a04cfe74b21d98e6674324fb397fb0b49def7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\UIAutomationClient.resources.dll.tmp	964f1d1d71a86e64a75815d86d7a04cfe74b21d98e6674324fb397fb0b49def7.exe
File created	C:\Program Files\Java\jdk-1.8\bin\javapackager.exe.tmp	964f1d1d71a86e64a75815d86d7a04cfe74b21d98e6674324fb397fb0b49def7.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\t2k.dll.tmp	964f1d1d71a86e64a75815d86d7a04cfe74b21d98e6674324fb397fb0b49def7.exe
File created	C:\Program Files\Java\jre-1.8\lib\management\jmxremote.password.template.tmp	964f1d1d71a86e64a75815d86d7a04cfe74b21d98e6674324fb397fb0b49def7.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-stdio-l1-1-0.dll.tmp	964f1d1d71a86e64a75815d86d7a04cfe74b21d98e6674324fb397fb0b49def7.exe
File created	C:\Program Files\Microsoft Office\root\rsod\wordmui.msi.16.en-us.tree.dat.tmp	964f1d1d71a86e64a75815d86d7a04cfe74b21d98e6674324fb397fb0b49def7.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ShapeCollector.exe.tmp	964f1d1d71a86e64a75815d86d7a04cfe74b21d98e6674324fb397fb0b49def7.exe

C:\Users\Admin\AppData\Local\Temp\964f1d1d71a86e64a75815d86d7a04cfe74b21d98e6674324fb397fb0b49def7.exe
"C:\Users\Admin\AppData\Local\Temp\964f1d1d71a86e64a75815d86d7a04cfe74b21d98e6674324fb397fb0b49def7.exe"
1⤵
- Drops file in Program Files directory
PID:3416

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-17203666-93769886-2545153620-1000\desktop.ini.tmp

Filesize
75KB

MD5
c2b3ea2275c75924e0332c275ba5e6cb

SHA1
fd377f1324643ca69aecc376d88ff29fbedb7e03

SHA256
29ff1fe084950f952b19166fc3910a0b64bb0ea2e585f9cbbc88cc719daac701

SHA512
abb2b39f196b88ef112c7582621b841aa811a56e76ed68dad906e161d48e3c6d15553fb976cd05816c5c2b55dcdce15e467c69d5e8b2aac93189a039a35216a3

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
174KB

MD5
498b11bad0ac66cf067dfb3c0f443b5f

SHA1
205e5e4f5c2822a383700de3b8908547be8b6f35

SHA256
042606b78b81963896af07247c037ebe3308bbf12c9c6b5826316ada22fedece

SHA512
7868fdabddb8f6e93204e9f70a7496d9fc0494caeec7d2e28983a31422be647ce2e569f0f22b6fa6a75c6d5225defc86cece99137b8bfbb1600efb5741b6d00b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads